Merge pull request #308 from fmount/topologyref_webhook

Complete webhook validation for topology references

Author: openshift-merge-bot[bot]

api/go.mod

@@ -4,17 +4,17 @@ go 1.21
 
 require (
 	github.com/onsi/ginkgo/v2 v2.20.1
-	github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97
+	github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250315090821-34e570d2d5fb
 	github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250228124213-cd63da392f97
-	k8s.io/api v0.29.14
-	k8s.io/apimachinery v0.29.14
-	k8s.io/client-go v0.29.14
+	k8s.io/api v0.29.15
+	k8s.io/apimachinery v0.29.15
+	k8s.io/client-go v0.29.15
 	sigs.k8s.io/controller-runtime v0.17.6
 )
 
 require (
 	github.com/onsi/gomega v1.34.1
-	github.com/openstack-k8s-operators/infra-operator/apis v0.6.0
+	github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250319162810-463dd75a4cc4
 )
 
 require (
@@ -67,8 +67,8 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.29.14 // indirect
-	k8s.io/component-base v0.29.14 // indirect
+	k8s.io/apiextensions-apiserver v0.29.15 // indirect
+	k8s.io/component-base v0.29.15 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect

api/go.sum

@@ -72,10 +72,10 @@ github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo
 github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
 github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
 github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
-github.com/openstack-k8s-operators/infra-operator/apis v0.6.0 h1:28i9Yc3UAdQK8VNzk0ubwq4n+qLuhD0nk6/7iHgD9us=
-github.com/openstack-k8s-operators/infra-operator/apis v0.6.0/go.mod h1:JgcmYJyyMKfArK8ulZnbls0L01qt8Dq6s5LH8TZH63A=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97 h1:3LC66vrXJzGMV/eCdvImosOEL2Cgc2KFJIm2YhfTG3w=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97/go.mod h1:rgpcv2tLD+/vudXx/gpIQSTuRpk4GOxHx84xwfvQalM=
+github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250319162810-463dd75a4cc4 h1:wb2zsr9x9LantNLN/9dmYM42c3yLq3QuzsoOlGpDUxM=
+github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250319162810-463dd75a4cc4/go.mod h1:n5DV/lGE9DHryAJ+JLJSgUXI2QHTj+aN4KoeSNC3PfU=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250315090821-34e570d2d5fb h1:UAFYEHnbyhO0+yymquFmIqxc9QGji9mzreuYrDS1Ev4=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250315090821-34e570d2d5fb/go.mod h1:1CtBP0MQffdjE6buOv5jP2rB3+h7WH0a11lcyrpmxOk=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250228124213-cd63da392f97 h1:xQ7/UNSPVRzwQq7wYG9i87dCCQztgmz1kqn2sy6HhlQ=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250228124213-cd63da392f97/go.mod h1:u7Zqmyt1WB96KSz8apYltrZV9xlL0tTVYwOk9+6G57k=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -180,16 +180,16 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.29.14 h1:JWFh5ufowH3Y6tCgEzY3URVJHb27f0tEDEej0nCjWDw=
-k8s.io/api v0.29.14/go.mod h1:IV8YqKxMm8JGLBLlHM13Npn5lCITH10XYipWEW+YEOQ=
-k8s.io/apiextensions-apiserver v0.29.14 h1:gw9WXrZJPu5kpI1UC+Wf8BVe9PWwRUB/UZXU8VzBsq4=
-k8s.io/apiextensions-apiserver v0.29.14/go.mod h1:TJ51W+HKW2XqTtAsEFOz1/OohsMtekbKaTXh8ldioL4=
-k8s.io/apimachinery v0.29.14 h1:IDhwnGNCp836SLOwW1SoEfFNV77wxIklhxeAHX9vmSo=
-k8s.io/apimachinery v0.29.14/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
-k8s.io/client-go v0.29.14 h1:OSnzZ9DClaFRgl3zMAY2kGZhNjdGJkEb+RDz+MW2h6k=
-k8s.io/client-go v0.29.14/go.mod h1:XtZt5n5UxKfPJ+sCoTPcEavWgZbLFFxMnAFFRQGK1RY=
-k8s.io/component-base v0.29.14 h1:SF1DWN7bc2VloJ/ysegGoi/aHnopEo81aw9CslhqXIw=
-k8s.io/component-base v0.29.14/go.mod h1:FoK1PHhFTaEQVvQLw29/Uyfd8Ug0qUKHrUcXIXJ1VxI=
+k8s.io/api v0.29.15 h1:QxPcAheYujeBwkdiE0vMyKkAtqUq5YNyXVqimT+me44=
+k8s.io/api v0.29.15/go.mod h1:16duIp2ez6GiLPq1g8XtZNIkw6hJpIitpxZSvv0dZ6E=
+k8s.io/apiextensions-apiserver v0.29.15 h1:XI5axgsWqMlIIgpHbcz5vPjk06i3ibHv5FUdSfdtQLU=
+k8s.io/apiextensions-apiserver v0.29.15/go.mod h1:6ZU61z32I8WUwbBTPIANUesTj5G40sZek0ojmeoMJI8=
+k8s.io/apimachinery v0.29.15 h1:aLc0wghElkdnTO7TMVTxTrifoXah1lqRL8s6szDHGbg=
+k8s.io/apimachinery v0.29.15/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
+k8s.io/client-go v0.29.15 h1:zCBOXKCtz9Hl8boKUGs8zbtZEP6pc7O8Ov3ma+gnS6o=
+k8s.io/client-go v0.29.15/go.mod h1:xPy0D3p4sonPhZhI3QoYo4m7oLKoPjFf4vYF9oxoxNM=
+k8s.io/component-base v0.29.15 h1:CvmXXTDyk43FDaiJ/Rp+yWFjw6hkUI2t7mIJUrK5j00=
+k8s.io/component-base v0.29.15/go.mod h1:jH/sbuvmXew2Fz2iIKNMeNw8o/d1KR9tAg6uekQKnVk=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 h1:qVoMaQV5t62UUvHe16Q3eb2c5HPzLHYzsi0Tu/xLndo=

api/v1beta1/common_types.go

@@ -19,6 +19,7 @@ package v1beta1
 import (
 	topologyv1 "github.com/openstack-k8s-operators/infra-operator/apis/topology/v1beta1"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/validation/field"
 )
 
 const (
@@ -140,3 +141,15 @@ type PasswordSelector struct {
 	// Service - Selector to get the designate service password from the Secret
 	Service string `json:"service"`
 }
+
+// ValidateTopology -
+func (instance *DesignateServiceTemplateCore) ValidateTopology(
+	basePath *field.Path,
+	namespace string,
+) field.ErrorList {
+	var allErrs field.ErrorList
+	allErrs = append(allErrs, topologyv1.ValidateTopologyRef(
+		instance.TopologyRef,
+		*basePath.Child("topologyRef"), namespace)...)
+	return allErrs
+}

api/v1beta1/designate_webhook.go

@@ -263,72 +263,55 @@ func (spec *DesignateSpec) ValidateDesignateTopology(basePath *field.Path, names
 
 	// When a TopologyRef CR is referenced, fail if a different Namespace is
 	// referenced because is not supported
-	if spec.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	allErrs = append(allErrs, topologyv1.ValidateTopologyRef(
+		spec.TopologyRef, *basePath.Child("topologyRef"), namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to DesignateAPI, fail
 	// if a different Namespace is referenced because not supported
-	if spec.DesignateAPI.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateAPI.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	apiPath := basePath.Child("designateAPI")
+	allErrs = append(allErrs,
+		spec.DesignateAPI.ValidateTopology(apiPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to DesignateBackendbind9
 	// fail if a different Namespace is referenced because not supported
-	if spec.DesignateBackendbind9.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateBackendbind9.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	bind9Path := basePath.Child("designateBackendBind9")
+	allErrs = append(allErrs,
+		spec.DesignateBackendbind9.ValidateTopology(bind9Path, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateCentral, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateCentral.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateCentral.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	centralPath := basePath.Child("designateCentral")
+	allErrs = append(allErrs,
+		spec.DesignateCentral.ValidateTopology(centralPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateMDNS, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateMdns.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateMdns.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	mdnsPath := basePath.Child("designateMdns")
+	allErrs = append(allErrs,
+		spec.DesignateMdns.ValidateTopology(mdnsPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateProducer, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateProducer.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateProducer.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	prodPath := basePath.Child("designateProducer")
+	allErrs = append(allErrs,
+		spec.DesignateProducer.ValidateTopology(prodPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateUnbound, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateUnbound.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateUnbound.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	unboundPath := basePath.Child("designateUnbound")
+	allErrs = append(allErrs,
+		spec.DesignateUnbound.ValidateTopology(unboundPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateWorker, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateWorker.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateWorker.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	workerPath := basePath.Child("designateWorker")
+	allErrs = append(allErrs,
+		spec.DesignateWorker.ValidateTopology(workerPath, namespace)...)
 
 	return allErrs
 }
@@ -340,72 +323,55 @@ func (spec *DesignateSpecCore) ValidateDesignateTopology(basePath *field.Path, n
 
 	// When a TopologyRef CR is referenced, fail if a different Namespace is
 	// referenced because is not supported
-	if spec.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	allErrs = append(allErrs, topologyv1.ValidateTopologyRef(
+		spec.TopologyRef, *basePath.Child("topologyRef"), namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to DesignateAPI, fail
 	// if a different Namespace is referenced because not supported
-	if spec.DesignateAPI.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateAPI.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	apiPath := basePath.Child("designateAPI")
+	allErrs = append(allErrs,
+		spec.DesignateAPI.ValidateTopology(apiPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to DesignateBackendbind9
 	// fail if a different Namespace is referenced because not supported
-	if spec.DesignateBackendbind9.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateBackendbind9.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	bind9Path := basePath.Child("designateBackendBind9")
+	allErrs = append(allErrs,
+		spec.DesignateBackendbind9.ValidateTopology(bind9Path, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateCentral, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateCentral.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateCentral.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	centralPath := basePath.Child("designateCentral")
+	allErrs = append(allErrs,
+		spec.DesignateCentral.ValidateTopology(centralPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateMDNS, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateMdns.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateMdns.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	mdnsPath := basePath.Child("designateMdns")
+	allErrs = append(allErrs,
+		spec.DesignateMdns.ValidateTopology(mdnsPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateProducer, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateProducer.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateProducer.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	prodPath := basePath.Child("designateProducer")
+	allErrs = append(allErrs,
+		spec.DesignateProducer.ValidateTopology(prodPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateUnbound, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateUnbound.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateUnbound.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	unboundPath := basePath.Child("designateUnbound")
+	allErrs = append(allErrs,
+		spec.DesignateUnbound.ValidateTopology(unboundPath, namespace)...)
 
 	// When a TopologyRef CR is referenced with an override to an instance of
 	// DesignateWorker, fail if a different Namespace is referenced because not
 	// supported
-	if spec.DesignateWorker.TopologyRef != nil {
-		if err := topologyv1.ValidateTopologyNamespace(spec.DesignateWorker.TopologyRef.Namespace, *basePath, namespace); err != nil {
-			allErrs = append(allErrs, err)
-		}
-	}
+	workerPath := basePath.Child("designateWorker")
+	allErrs = append(allErrs,
+		spec.DesignateWorker.ValidateTopology(workerPath, namespace)...)
 
 	return allErrs
 }

go.mod

@@ -11,15 +11,15 @@ require (
 	github.com/onsi/ginkgo/v2 v2.20.1
 	github.com/onsi/gomega v1.34.1
 	github.com/openstack-k8s-operators/designate-operator/api v0.1.1-0.20240807132522-6c2eca7c6bbb
-	github.com/openstack-k8s-operators/infra-operator/apis v0.6.0
+	github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250319162810-463dd75a4cc4
 	github.com/openstack-k8s-operators/keystone-operator/api v0.6.1-0.20250309111939-0605fce19482
-	github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97
+	github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250315090821-34e570d2d5fb
 	github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250228124213-cd63da392f97
 	github.com/openstack-k8s-operators/mariadb-operator/api v0.6.0
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.29.14
-	k8s.io/apimachinery v0.29.14
-	k8s.io/client-go v0.29.14
+	k8s.io/api v0.29.15
+	k8s.io/apimachinery v0.29.15
+	k8s.io/client-go v0.29.15
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
 	sigs.k8s.io/controller-runtime v0.17.6
 )
@@ -81,8 +81,8 @@ require (
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.29.14 // indirect
-	k8s.io/component-base v0.29.14 // indirect
+	k8s.io/apiextensions-apiserver v0.29.15 // indirect
+	k8s.io/component-base v0.29.15 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect